News
Protecting corporate secrets an afterthought for many European firms
June 2012 by Marc Jacob
Less than half of mid-sized businesses across Europe (41 per cent) have plans in place to protect intellectual property (IP) and corporate secrets, according to recent research from global information management company Iron Mountain and PwC[i]. More than half (54 per cent) believe that protecting intellectual property and corporate secrets is less important than safeguarding customer, employee, business and financial information.
Information held in trust, such as customer and employee records, is subject to strict compliance laws and is, therefore, important to protect. However, with the global IP market now worth an estimated $180 billion a year[ii], and studies[iii] showing that proprietary information and trade secrets represent two thirds of an organisation’s value, such an apparently casual attitude to the management of Intellectual Property and other corporate secrets not subject to external law could be leaving firms exposed to industrial espionage and theft.
Of the four industry sectors analysed, the IP-intensive pharmaceutical sector performed the worst, with less than a third (30 per cent) including intellectual property and corporate secrets in their information risk management and data protection plans. The financial services (35 per cent), legal (38 per cent), manufacturing (49 per cent) and insurance (57 per cent) sectors performed only slightly better.
“Companies quite rightly pay attention to preventing the inadvertent disclosure of sensitive customer or employee information,” said Christian Toon, head of information risk at Iron Mountain Europe. “It is concerning, however, that so few companies implement an integrated approach to information and records management across the business. Just imagine what could happen if valuable company secrets such as patents, product designs, or go-to-market strategies fell into the hands of a rival.”
For Toon the research results underline a need for companies to develop a culture of Corporate Information Responsibility (CIR): “A cultural shift is needed to engage all employees in the protection of the organisation’s information assets.”
The PwC research surveyed senior managers at 600 leading European businesses with between 250 and 2,500 employees and led to the creation of Europe’s first ‘Information Risk Maturity Index’, a benchmark to help organisations evaluate their maturity when it comes to addressing information risk. The results not only revealed that companies fail to prioritise information security for corporate secrets and IP; it also showed that companies are leaving their information vulnerable to malicious insider threats through a lack of employee monitoring. The study also revealed that one in four (26 per cent) mid-sized European companies do not run background checks on new employees, potentially leaving business secrets exposed to further risk.
Employees present a potential threat to secret business information. However, simple measures that do not require a significant investment in technology can be put in place to lower the risk. Iron Mountain advises companies to design and deliver information security awareness programmes, to have the right guidance available for every person at every level, and to reward and reinforce good behaviours throughout the organisation, from the most junior to the most senior employee.
